Feature #1158
closed
Parser DNS TXT data parsing and logging
Description
I am trying to detect DNS Tunneling.
For this I use the DNS logger in Suricata 2.0.
But when TXT answers have a lot of data, the DNS logger says '<no data>'.
Updated by Christie Bunlon about 9 years ago
Sorry, it is not the parser but the DNS logger.
Updated by Victor Julien about 9 years ago
- Status changed from New to Assigned
- Assignee set to Victor Julien
- Target version set to 2.0.1rc1
I think this is only a matter of extending the DNS loggers. If it turns out to be more involved, it will likely go into 2.1.
Updated by Victor Julien about 9 years ago
- Target version changed from 2.0.1rc1 to 2.0.2
Updated by Victor Julien about 9 years ago
- % Done changed from 0 to 50
Please test: https://github.com/inliniac/suricata/pull/967
Updated by Victor Julien about 9 years ago
- Tracker changed from Bug to Feature
- Subject changed from Parser DNS no parsing TXT data to Parser DNS TXT data parsing and logging
Updated by Christie Bunlon about 9 years ago
I have tested it, but it still seems not to be working, again saying <no data> with 90dns22.pcap.
Updated by Victor Julien about 9 years ago
I'm not getting any 'no data' with this branch. Are you sure you tested the branch from pull request 967?
Updated by Christie Bunlon about 9 years ago
Sorry, I made a mistake with my Suricata.
It's logging the answers correctly now.
Thank you for your help. You can close the ticket. :)
Updated by Victor Julien about 9 years ago
- Status changed from Assigned to Closed
- % Done changed from 50 to 100